Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    134
    Location:
    Germany
    thx for the info Erik, I take this for future reference
     
  2. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    134
    Location:
    Germany
    I was on bounty rift with my Demonhunter in Diablo III, last bounty on tour,
    then suddenly hpa process stacks with 21,5 % and playing is impossible +
    the bad EU server structure from Blizzard, so I try to cut the damned hpa
    process (Systemexplorer) and I lost the battlenet connection, and so I lost
    my D3 progress. This mess was on HitmanPro.Alert 3.0.32 - Build 167, Release Candidate
    two times.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Oh that is not good. Next time it happens try to generate a dump via TaskManager on the hmpalert.exe process. This way we can see why the load started to rise to 21%.
     
  4. SouthwestChief

    SouthwestChief Registered Member

    Joined:
    Mar 14, 2015
    Posts:
    1
    I had been having the 99% lag with HitmanPro on my Vista 64 system lately. It would complete the scan, but it took a lot longer than normal. Typically around 7-9 minutes to scan. Normal time used to be under a minute.

    I went into the HitmanPro settings (Advanced) and changed the Mode from Compatible Disk Access to Direct Disk Access (recommended)

    This fixed the lag problem. Super fast scan now and back to under a minute.

    Hope this will help anyone with similar issues.
     
  5. schemer

    schemer Registered Member

    Joined:
    Dec 18, 2014
    Posts:
    10
    I have a question. Malwarebytes Pro during its daily scan has been notifying me of a "Non Malware detected" and the file is "plsapp64.dll" by Sendori. It is in my Windows/System32 folder. I will attempt to send it here for review. I am not sure if I should delete or quarantine it or if it will negatively affect one of my apps. HitMan Pro does not seem to be worried about it and neither does Eset NOD32. And VirusTotal shows 2 negatives out of over 50.
    Thanks,
    schemer

    I tried to zip the file but it won't let me send it. Also, I can see the file in Windows/System32 but it is not visible if I try to attach the .dll by clicking the upload file and browsing to the same location. How do I send it here?
     
  6. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Erik, I think these are false positives. Turned up after rebuilding my XP system. Same files as in previous builds.
    Code:
    HitmanPro 3.7.9.238
    www.hitmanpro.com
    
      Computer name . . . . : 2082-52G
      Windows . . . . . . . : 5.1.3.2600.X86/2
      User name . . . . . . : 2082-52G\xxxxxxx
      License . . . . . . . : Free
    
      Scan date . . . . . . : 2015-03-19 10:59:04
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 2m 42s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 0
      Traces  . . . . . . . : 6
    
      Objects scanned . . . : 421,991
      Files scanned . . . . : 5,571
      Remnants scanned  . . : 38,192 files / 378,228 keys
    
    Suspicious files ____________________________________________________________
    
      C:\Toolbx\Pidgin\pidgin.exe
      Size . . . . . . . : 60,176 bytes
      Age  . . . . . . . : 4.6 days (2015-03-14 20:46:38)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : F9E096D90F7A11A4635D26B6DDB02665D315976233AA6A41850A899A66EDD9F8
      Product  . . . . . : Pidgin
      Publisher  . . . . : The Pidgin developer community
      Description  . . . : Pidgin
      Version  . . . . . : 2.10.11
      Copyright  . . . . : Copyright (C) 1998-2010 The Pidgin developer community (See the COPYRIGHT file in the source distribution).
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
      Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
      Time indicates that the file appeared recently on this computer.
      References
      C:\Documents and Settings\All Users\Start Menu\Programs\Pidgin.lnk
    
      C:\WINDOWS\system32\DRIVERS\pelmouse.sys
      Size . . . . . . . : 19,456 bytes
      Age  . . . . . . . : 4.5 days (2015-03-14 23:55:57)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 084BFC56E7B264E33EEFEEFB60EF7AEB892FBF47CCE5F6A30CA8BE8FE53A8C86
      Product  . . . . . : Mouse Suite 98
      Publisher  . . . . : TPMX Electronics Ltd.
      Description  . . . : Mouse Suite Driver
      Version  . . . . . : 2.1.0.0
      Copyright  . . . . : Copyright (C) TPMX Electronics Ltd. 1999 - 2009
      Service  . . . . . : pelmouse
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 27.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      Starts automatically as a service during system bootup.
      Time indicates that the file appeared recently on this computer.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
      HKLM\SYSTEM\ControlSet001\Services\pelmouse\
    
      C:\WINDOWS\system32\DRIVERS\pelusblf.sys
      Size . . . . . . . : 26,112 bytes
      Age  . . . . . . . : 4.5 days (2015-03-14 23:55:57)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 7FE0EAA12DAAAA6EE3D8C9083E68FD65581A0C79067A106002B5DD4DAF7524C9
      Product  . . . . . : Mouse Suite 98
      Publisher  . . . . : TPMX Electronics Ltd.
      Description  . . . : USB Mouse Filter Driver
      Version  . . . . . : 2.1.0.0
      Copyright  . . . . : Copyright (C) TPMX Electronics Ltd. 1999 - 2009
      Service  . . . . . : pelusblf
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 27.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      Starts automatically as a service during system bootup.
      Time indicates that the file appeared recently on this computer.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
      HKLM\SYSTEM\ControlSet001\Services\pelusblf\
     
  7. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    I've been meaning to report this for a long time now, but I get a lot of crashes with hmpsched on XP, W7 and W8. This log is for XP. I have the dump if you need it. I know HMPA is more important right now. The log is just for the records. I can bump this later when more time is available.
     


  8. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Hello,

    I keep getting this report from Hitman Pro. I can delete the file/files, but they come back in a few days. From the research I have done so far it appears to be a legit file, so I am wondering if this is a false positive?


    The file comes up clean if I send it to VirusTotal. I have also checked my system with the following programs:


    Malwarebytes Anti-Malware
    Malwarebytes stand alone beta rootkit
    TDSSKILLER
    Microsoft Safety Scanner
    Malicious Software Removal Tool (download version)
    Avast Free Antivirus (full scan)
    AVG rescue CD
    Avira rescue CD
    Kaspersky rescue CD


    All of the above come up clean. Below is the Hitman Pro report.

    Please note I have removed a few items for my privacy.

    Also the below location is not the original location. The two files were moved into the “Short Storage” folder to send to VirusTotal. The original location was C:\Windows\ServiceProfiles\LocalService\AppData\Local

    Also, in the log file where it states Avast for the Product, Publisher, and Description, this sometimes appears as belonging to Microsoft Corp.


    HitmanPro 3.7.9.238
    www.hitmanpro.com

    Computer name . . . . :
    Windows . . . . . . . : 6.1.1.7601.X64/4
    User name . . . . . . :
    UAC . . . . . . . . . : Enabled
    License . . . . . . . : Paid (185 days left)

    Scan date . . . . . . : 2015-03-19 20:32:50
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 1m 38s
    Disk access mode . . : Direct disk access (SRB)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : No

    Threats . . . . . . . : 0
    Traces . . . . . . . : 2

    Objects scanned . . . : 1,008,211
    Files scanned . . . . : 9,743
    Remnants scanned . . : 180,012 files / 818,456 keys

    Suspicious files ____________________________________________________________

    C:\Short Storage\~FontCache-S-1-5-21-3577397020-2736849049-1377367973-1001.dat
    Size . . . . . . . : 8,388,608 bytes
    Age . . . . . . . : 0.3 days (2015-03-19 13:20:36)
    Entropy . . . . . : 6.9
    SHA-256 . . . . . : 417C5028F8FEAE9E6B5D297FB7C84F621FF84D7C1212B7330407D1D9EA76730E
    Product . . . . . : Avast Antivirus
    Publisher . . . . : AVAST Software
    Description . . . : avast! start-up scanner
    Version . . . . . : 9.0.0.251
    LanguageID . . . . : 1029
    Fuzzy . . . . . . : 52.0
    The file is hidden from Windows API. This is typical for malware.
    The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
    The file name extension of this program is not common.
    Program is running but currently exposes no human-computer interface (GUI).
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
     
  9. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    After running a scan with HMP it offers options on any detections....What is the purpose of the ignore option?....I mean if I use other AV's the ignore option means that you've "instructed" the AV to ignore the detections and they will not appear in subsequent scans (Zemana seems to understand this simple concept for example)....Yet HMP ignores the ignore instruction....So, what is its purpose?
     
  10. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Take note, I received this from surfright customer support...


    HitmanPro is not compatible with frequent reinstalls.
    Please confirm that you want me to do this one-time complete reset of your key.
    Best regards,
    Lisa
    HitmanPro Support
    Want to see HitmanPro.Alert 3.0 in action? Watch this video: https://www.youtube.com/watch?v=XrSP-CMjuFk
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Most Wilders members are not compatible with the current license mechanism as some of you guys reinstall your computer 10 times per month. Send me a PM and I'll resolve it.

    The license mechanism will change in the near future to support unlimited reinstalls of the computer.
     
  12. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Nice.

    Does it also support transferring, or only re-installs on the same hardware?
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It does not support transferring.
     
  14. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    Hmm, did you receive my pm?
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yep :thumb:
     
  16. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Thanks Erik, all resolved now and one happy customer :)
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.9 build 240

    Changelog
    • IMPROVED: Remnant scan
    • IMPROVED: Forensic clustering
    • IMPROVED: Command line switch /proxy is no longer case sensitive
    • FIXED: False positive on jusched.exe
    All users are updated automatically.
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems with build 240 (W7 64 bits).
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    That's great news.
    Will this include some kind of customer portal, where we can manage and renew our licenses ??

    Over the years I have just made a note in my calendar when licenses were up for renewal and then went to your site, paid for renewal and then got new license keys.
    That was not a problem due to how HitmanPro works. If it slipped one's mind, then no harm done. Just renew it one of the following days.

    However with HitmanPro.Alert 3 (on same keys) being part of one's active security, I would rather not find myself in a situation where a renewal slipped my mind and HitmanPro.Alert suddenly reverted to free version.
    That would mean I lost all the most powerful features. :(

    A customer portal where we could keep track of things - and perhaps even get a reminder email from upon renewal - would be really pleasant.
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Ditto.
     
  21. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check this File please and whitelist the File please

    With best Regards
    Mops21
     


  22. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi Erik and Hi Mark

    Any Infos for my Posts 6442 + 6471 available

    With best Regards
    Mops21
     
  23. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Are you serious? Two minutes after post 6471 you ask in post 6472 about the status of 6471?
     
  24. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64, hp upgraded b238 -> b240, hpa172, FF-x86 36.0.4 and FF-Nightly-x64 39.0a1, IE11

    hp-b240 is running fine without problems!
     
    Last edited: Mar 28, 2015
  25. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    FYI, HitmanPro is currently defusing a critical vulnerability caused by outdated Dell System Detect applications, present on over 100,000 Dell computers world-wide.

    The critical vulnerability allows attackers to automatically infect Dell computers, simply by including the string 'dell' in the attack URL. This causes the DellSystemDetect.exe process from the Dell System Detect application to automatically install arbitrary code (malware) on the vulnerable machine, without using any exploit that involves memory corruption.

    The reason why we choose to mitigate this so-called Remote Code Execution (RCE) vulnerability is because the Dell System Detect application runs silently without the knowledge of the user on every Dell computer, while it has no automatic updater to update itself and solve the vulnerability. Also, the Dell System Detect software is a non-essential application and does not affect the way you use the web or perform daily computing tasks.

    HitmanPro will flag outdated DellSystemDetect.exe software as "DellSystemDetectVuln" (although the general classification will be malware due to a textual limitation in HitmanPro). The DellSystemDetect.exe application is not malicious in nature but we encourage users to quarantine outdated versions due to the security issue they pose.


    Background information regarding this vulnerability:
    SuperFish
    Last February we performed a similar move by purposely attacking the legitimate SuperFish application on Lenovo laptops. The Superfish software allowed attackers to control and read secure HTTPS communications: https://www.wilderssecurity.com/thre...iscussion-thread.236732/page-256#post-2460981

    Update: After our decision and like with SuperFish, it is good to see that other security vendors are following our move to remove Dell System Detect as well: https://blog.malwarebytes.org/explo...detect-vulnerability-now-classified-as-a-pup/
     
    Last edited: Apr 3, 2015
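
The class of flaw described in the post above, a trust decision that only looks for the string 'dell' somewhere in a URL, shown next to a stricter host check. This is an added illustration, not part of the original post and not Dell's or SurfRight's code; the trusted-domain policy, function names and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed policy for this illustration: dell.com and its subdomains, HTTPS only.
TRUSTED_DOMAIN = "dell.com"

# Constructed sample URLs; example.net / example.org are reserved documentation domains.
SAMPLES = [
    "https://www.dell.com/support/",
    "https://example.net/dell/update.exe",   # 'dell' only in the path
    "https://www.dell.com.example.net/x",    # 'dell.com' as a label prefix
    "https://example.org/?ref=dell",         # 'dell' only in the query string
    "http://www.dell.com/",                  # right host, no transport security
    "https://notdell.com/",                  # look-alike registrable domain
]


def weak_is_trusted(url):
    """Substring test over the whole URL: the kind of check the post describes."""
    return "dell" in url.lower()


def strict_is_trusted(url):
    """Parse the URL and compare the host, not the raw string."""
    try:
        parts = urlsplit(url)
        host = parts.hostname      # already lower-cased by urlsplit
        parts.port                 # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # Reject userinfo so "trusted-name@other-host" forms cannot confuse a reader or log.
    if parts.username is not None or parts.password is not None:
        return False
    host = host.rstrip(".")
    # Exact match or a true subdomain: the leading dot stops "notdell.com".
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def accepted_only_by_weak(urls):
    """URLs the substring check trusts but the host check rejects."""
    return [u for u in urls if weak_is_trusted(u) and not strict_is_trusted(u)]


if __name__ == "__main__":
    for u in SAMPLES:
        print(f"weak={weak_is_trusted(u)!s:5} strict={strict_is_trusted(u)!s:5} {u}")
```

A host check like this is only one layer; software that downloads and runs code should also verify the code signature of what it fetched.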